Vulnerabilities > Redhat > Decision Manager > 7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-02 | CVE-2019-14892 | Deserialization of Untrusted Data vulnerability in multiple products A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. | 9.8 |
| 2020-01-02 | CVE-2019-14863 | Cross-site Scripting vulnerability in multiple products There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. | 6.1 |
| 2020-01-02 | CVE-2019-14862 | There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. | 6.1 |
| 2018-07-26 | CVE-2017-7545 | XXE vulnerability in Redhat Decision Manager, Jboss BPM Suite and Jbpm It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files. | 6.5 |